On Sun, 5 Mar 2017 20:38:51 -0600 Ian Pilcher <[email protected]> wrote:
> I have a Banana Pi-based firewall system, which runs off a micro-SD > card and sends all of its logs (including audit events) to a syslog > server. > > I have set "write_logs = no" in /etc/audit/auditd.conf, but the local > log file is still being written. (Commenting out the log_file line > causes auditd to abort.) > > What do I need to do to disable writing the local file? > > (This is audit 2.6.5 on CentOS 7.) There was a z-stream audit package shipped last week that fixes this. I suspect it hasn't worked its way through Centos just yet. You can pick up the srpm in koji if you're in a hurry. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
